# Add Your Gateway as a Trusted Peer to the Execution Layer Client

To keep your Gateway reliably connected to your execution client, you must add it as a **trusted peer**. The bloXroute Gateway connects as a peer to your node. If your node hits its peer limit, untrusted connections (like the Gateway) can be dropped unless explicitly allowed.

#### Why This Matters

Without adding the Gateway to your trusted peers:

* Your node may reject the connection.
* You risk losing access to the BDN for transaction/block propagation.

#### Step 1: Get Your Gateway Enode

Each time the Gateway starts, it generates a new enode unless a private key is specified. To make the enode persistent, use the `--private-key` flag when starting your Gateway.

**Generate Keys (Before Starting the Gateway)**

* To make your Gateway’s enode persistent across restarts, you’ll need to generate a private/public key pair.

  * Use this guide to generate your key pair:\
    👉 [Generate Gateway Keys (gist)](https://gist.github.com/miguelmota/3793b160992b4ea0b616497b8e5aee2f)

  Once generated, supply the private key using the `--private-key` flag when starting the Gateway to ensure the enode stays consistent.

**Get Your Enode (If Gateway Is Already Running)**

* **Option 1:** Check startup logs\
  Look for a line like:\
  `Started P2P networking self=enode://<GW_PUBLIC_KEY>`
* **Option 2:** Use `bxcli` with gRPC\
  Run:

  ```bash
  docker exec -it bxgateway-go bxcli status
  ```

  Look under `gateway_info → gateway_public_key`.

#### Step 2: Add Gateway as a Trusted Peer in Your Node

You can choose from the following options:

* **Temporary (does not persist after restart):**
  * Use JSON-RPC:

    ```bash
    curl -H 'Content-Type: application/json' \
    -d '{"method": "admin_addTrustedPeer", "params": ["enode://<GATEWAY_PUBLIC_KEY>"], "id":1}' \
    http://localhost:8545
    ```
  * Use Geth console:

    ```
    geth attach
    admin.addTrustedPeer("enode://<GATEWAY_PUBLIC_KEY>")
    ```
* **Recommended (persistent):**\
  Edit your Geth config file and add the enode under the `[Node.P2P]` section:

  ```toml
  [Node.P2P]
  TrustedNodes = ["enode://<GATEWAY_PUBLIC_KEY>"]
  ```

  You can generate a config from your current setup using:

  ```bash
  geth dumpconfig
  ```